0.20: Block lost when multiple DNs trying to recover it to different genstamps

Details

Description

Saw this issue on a cluster where some ops people were doing network changes without shutting down DNs first. So, recovery ended up getting started at multiple different DNs at the same time, and some race condition occurred that caused a block to get permanently stuck in recovery mode. What seems to have happened is the following:

FSDataset.tryUpdateBlock called with old genstamp 7091, new genstamp 7094, while the block in the volumeMap (and on filesystem) was genstamp 7093

we find the block file and meta file based on block ID only, without comparing gen stamp

we rename the meta file to the new genstamp _7094

in updateBlockMap, we do comparison in the volumeMap by oldblock without wildcard GS, so it does not update volumeMap

validateBlockMetaData now fails with "blk_7739687463244048122_7094 does not exist in blocks map"

After this point, all future recovery attempts to that node fail in getBlockMetaDataInfo, since it finds the _7094 gen stamp in getStoredBlock (since the meta file got renamed above) and then fails since _7094 isn't in volumeMap in validateBlockMetadata

Making a unit test for this is probably going to be difficult, but doable.

sam rash
added a comment - 24/Jun/10 00:55 about the testing, any reason not to use one of the adapters instead of making this public?
public long nextGenerationStampForBlock(Block block) throws IOException {
sorry, i'm a stickler for visibility/encapsulation bits when i can be

Todd Lipcon
added a comment - 24/Jun/10 01:22 Yea, we could move it to a MockitoUtil class or something. Let's tackle that when we move all these tests forward to trunk (I plan to do that in July hopefully)

After months of running this test I ran into this failure attached above. One of the DNs somehow ends up with multiple meta files for the same block, but at different generation stamps.

I think the issue is in the implementation of DataNode.updateBlock(). The block passed in doesn't have a wildcard generation stamp, but we don't care - we go and find the block on disk without matching generation stamps. I think this is OK based on the validation logic - we still only move blocks forward in GS-time, and don't revert length. However, when we then call updateBlockMap() it doesn't use a wildcard generation stamp, so the block can get left in the block map with the old generation stamp. This inconsistency I think cascades into the sort of failure seen in the attached log.

Todd Lipcon
added a comment - 25/Aug/10 20:55 After months of running this test I ran into this failure attached above. One of the DNs somehow ends up with multiple meta files for the same block, but at different generation stamps.
I think the issue is in the implementation of DataNode.updateBlock(). The block passed in doesn't have a wildcard generation stamp, but we don't care - we go and find the block on disk without matching generation stamps. I think this is OK based on the validation logic - we still only move blocks forward in GS-time, and don't revert length. However, when we then call updateBlockMap() it doesn't use a wildcard generation stamp, so the block can get left in the block map with the old generation stamp. This inconsistency I think cascades into the sort of failure seen in the attached log.
I think the solution is:
Change updateBlock to call updateBlockMap with a wildcard generation stamp key
Change the interruption code to use a wildcard GS block when interrupting concurrent writers
I will make these changes and see if the rest of the unit tests still pass, then see if I can come up with a regression test.

I don't believe so - I think the new append design in trunk prevents this issue. There is an existing open JIRA against trunk about forward-porting all append-related test cases to the new trunk implementation to be sure the new design doesn't suffer from the same issues.

Todd Lipcon
added a comment - 04/Oct/11 20:47 I don't believe so - I think the new append design in trunk prevents this issue. There is an existing open JIRA against trunk about forward-porting all append-related test cases to the new trunk implementation to be sure the new design doesn't suffer from the same issues.